Geek Answers Handbook

Access to HttpContext and User Identity from the Data Layer

I need to implement fields of type AddBy / ChangedBy in my base entity, which inherit all other objects (Fluent Nhibernate).

Accessing HttpContext.User.Identity from my repository / data level is probably not a good idea .. or is it? What is the best way to capture my user (current credentials) to record which records have been added or changed? Re-factoring the entire application to include user information in the repository calls would be foolish. I am sure there is a better, more general way.

+7
c # asp.net-mvc asp.net-identity
source share
6 answers

Accessing the HttpContext in the DataLayer makes life harder, especially if you use Unit Tests. The solution is to provide a service to provide wide application user information, for example:

 public interface ICurrentUserService { string UserName {get;} string UserId {get;} string HostIP {get;} // etc. }

Then you can implement specific services and introduce your preferred IoC container.

 public class CurrentWebUserService : ICurrentUserService { // implement interface members public CurrentWebUserService(HttpContext context) { ... } public string UserName { get { ... } } // etc. } // maybe you want a stub service to inject while unit testing. public class CurrentUserServiceStub : ICurrentUserService { } // data public class MyDaoService { public DaoService(ICurrentUserService currentUser) { ... } }
+8
source

You're right. HttpContext.User.Identity to your HttpContext.User.Identity class from your repository is not a good idea. HttpContext is a problem with the user interface and as such should go no further than the user interface level.

What you need to do is use an IoC container (e.g. StructureMap) to insert dependency details ( HttpContext.User.Identity ) into your repository or any other level, such as a service level, through dependency injection.

An example of how this can be configured (in this case, it is a session object), see the last part of this answer .

+1
source

The AddBy / ChangedBy field is potentially important for any backends. You might even want to have AccessedBy for logging. Therefore, you would like to think that user information is a central part of your data. It is also possible that you will need other data, such as a client IP address registered for security reasons. This is probably a good idea for the whole context to change to a data layer, so that you have the flexibility to capture and store customer information.

0
source

HttpContext.Current is a static member that can be accessed anywhere in the application. https://msdn.microsoft.com/en-us/library/system.web.httpcontext.current%28v=vs.110%29.aspx Obviously, there are problems, for example, if you do not have an HttpContext when calling the code.

So, HttpContext.Current.User should work for you. I would not recommend it, because your basic data access code now depends on what should be stored on your display or controller logic, etc. It is also assumed that your data access is in the web application itself, and not in, say, an external library.

Personally, I just pass on the details, such as user ID and access time, as part of adding and changing database queries. Make the class "AuditTrail" or something else. This will allow you to reuse this data access code (always good) in another project without having to retrieve all the HttpContext materials.

0
source

I used factory to get the right repo with or without "CurrentUser", as sometimes you need to know who the user is, and sometimes not.

 //I have a current user that I got from the Identity var repo = RepoFactory.GetRepo<Users>(currentUserId); //I don't have a current user var repo = RepoFactory.GetRepo<Users>()

This way you can infer Identity from the HttpContext and pass only the details that you need for the repo.

0
source

  • HttpContext.User.Identity is of type System.Security.Principal.IIdentity . Don't mess it up with the Microsoft.AspNet.Identity library (NuGet package), which is actually indicated by the asp.net-identity tag in your question.

  • Identity lib consists of a common part and its implementation of ORM. This is usually for the Entity Framework . But if you intend to use the Microsoft.AspNet.Identity package as you describe using NHibernate, you will most likely need this package .

I did not use it, but I used the EF implementation. See this answer on how to inherit the predefined IdentityDbContext<T> , where T is your custom class. I think NH has the same smooth configuration. You can then associate any of the objects in the DbContext with AppUser

0
source

More articles:


All Articles